Bill Text: TX SB768 | 2023-2024 | 88th Legislature | Comm Sub
NOTE: There are more recent revisions of this legislation.
Bill Title: Relating to the process for notifying the attorney general of a breach of security of computerized data by persons doing business in this state.
Spectrum: Slight Partisan Bill (Republican 2-1)
Status: (Passed) 2023-05-27 - Effective on 9/1/23
By: Parker
S.B. No. 768
(In the Senate - Filed February 7, 2023; March 1, 2023, read
first time and referred to Committee on Business & Commerce;
March 27, 2023, reported favorably by the following vote: Yeas 10,
Nays 0; March 27, 2023, sent to printer.)

relating to the process for notifying the attorney general of a
breach of security of computerized data by persons doing business
in this state.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Sections 521.053(i) and (j), Business & Commerce
Code, are amended to read as follows:
(i) A person who is required to disclose or provide
notification of a breach of system security under this section
shall notify the attorney general of that breach as soon as
practicable and not later than the 30th [
which the person determines that the breach occurred if the breach
involves at least 250 residents of this state. The notification
under this subsection must be submitted electronically using a form
accessed through the attorney general's Internet website and must
include:
(1) a detailed description of the nature and
circumstances of the breach or the use of sensitive personal
information acquired as a result of the breach;
(2) the number of residents of this state affected by
the breach at the time of notification;
(3) the number of affected residents that have been
sent a disclosure of the breach by mail or other direct method of
communication at the time of notification;
(4) the measures taken by the person regarding the
breach;
(5) any measures the person intends to take regarding
the breach after the notification under this subsection; and
(6) information regarding whether law enforcement is
engaged in investigating the breach.
(j) The attorney general shall post on the attorney
general's publicly accessible Internet website:
(1) an electronic form for submitting a notification
under Subsection (i); and
(2) a listing of the notifications received by the
attorney general under Subsection (i), excluding any sensitive
personal information that may have been reported to the attorney
general under that subsection, any information that may compromise
a data system's security, and any other information reported to the
attorney general that is made confidential by law. The attorney
general shall:
(A) [
30th day after the date the attorney general receives notification
of a new breach of system security;
(B) [
not later than the first anniversary of the date the attorney
general added the notification to the listing if the person who
provided the notification has not notified the attorney general of
any additional breaches under Subsection (i) during that period;
and
(C) [
updated listing on the attorney general's website.
SECTION 2. This Act takes effect September 1, 2023.
* * * * * |